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This fisting of chums replaces all prior versions and listings of claims in the 
application: 

ystmgofQauns: 

! . (Currently Amended) A computer-implemented method for generating 
access eomro] nk„ tin. method comprising: 

receiving an access control ruse that identifies a characteristic; 

^<^s_ ccih roc al 'kss 0 i c entry in irs > t t i 

ss< i * v e acteris 

1 ; t i i east one on l mulion t mi 8 

; sstc atcd with i\k ciei stic; and 

gene; , ;g access eon el ii brmation that erm - ne es ssociafed 

with the a in tlie us \ \ \ 

data object inihraiahon. 

I U \ <. i u ! ■*"» <. ml vV i cbin v macron 

i v. i v. ! IL I v< ^ I llv M l.^l'Mfl 

the user information, and 

a v a i 1 v o. i ^ «. v s v i ' i 1 t , at is 

as x c \ ( w idem fied charac stir > program latit ally ,i< i 
eas one en cry i v ton i ec so ed vn se identified 

characteristic , 



3. Currently Ann £ i T K i * o 5 \ therein 

entitled characteristic rectiyass < i ! st ! \ 
< , format c - 
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i Mtn u. -k-i k* 1 c i - dj-y iden rga 

least one e\ r> i user saiion tb s c Uy asso vi dentific 
characteristic. 

4. lOrk-inai! u method Us 1 wherein ^cnemtirg acccs.? l » d 
so brroa o 3 1 in; ses 

enei rig use ccess coi i mfon t identifies the at k N v< it N n 

1 ! v lilt •> _v \\ v <. i u v 

^ a to ^ i i. s i. 1 ai (. ! s t J u 

n the data object irrformatton that is associated oath the identified characteristic, and 

v ! c t r ' K C (1 f <. 1 » , e •*■ 

one entry in the data object access control information. 

5. (Original} The method of c (aim 4 further comprising storing the 
association of the at least one entry hi the user access control information with the at least 

ns entry in the da i e 

6. v, v a'^v v. x\ ! l ' a i ^oo ^ m 
storing the user access control information. 

7. (O - v T v *^ chani 4 h ^ u e a ; v e> 
cular i sochased t e c ei 

information is pern ed access t at I i object tba ssoci \ e 
east on*. r\ the date dec Cv - n d i rnado a/here he dcten ination is 

s s > ( ^ ! o i t kit be a ees c c ibnnitioo 

v* h « teas xne entry in the data object access c itrol ifomi 



Apphcar 
; a < 



■«v"s Docket No.: 13906- 
} 34001 /2OU3P0O532US 



8, (Original) The method of claim 1 funhcr comprising n coning a fiher 
eexi oi c ? u t, < . g a ) . to m o doth ^orTpr es e> v'^nrg 
access control information by eliminating at least one entry in the user information that 

< it' s 1 i roc- 

t t v ' i * i., iv, > itK i mo rat 

9, > a!) Them d of clan triher eon ig rccc gai He 
tone \ t <} 1 7 > ! v ! i s v s v v. f ^ 
access control information by eliminating at least one entry in the data object information 
d e< t iti l ^ is <. t s". v i 1 *'on v oes 
not include liio drrmnate-J at least one entry r \ La object n ^< - aaor 

10, (Currently Amended) A computer system for managing access control 
informs - e opci e computer sys t > s * 

j ep a - titrol mfotmatio wr soft\ e, the data repository 

eluding i i i haracteristic e entry in the 

use fon&atio ject infoi 1 g i (eristic fi 

east one ems y ni the < dm u < s eoni j onm 

muithynm ivv., cvaa e<is it to; jt I m e „mi m the aco. s coutml rule 
information; and 

an executable sorb dale tht es aj] n >ygr i matic c j 

me > v - , . v ? u 1 p h shaud 

characteristic ( - ge i 1 sss control > n >r i i i 1 

wbclhci a uses t! at is associated with an entry in the use" mformatn is pc nifted to 
access v J - sect that is csaoemtcd ^ har.uit '.' >~> i v i.. n " 
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generating acce ss control information: t hat en ables the user associated wit] 
'be ' -y cmK- _ 0 er a,' — at on V^ mism c am n'.ui , i ■ > - , r 
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<- ! 1 _j f h. ^ ^ ^ n 1 ' " e < ^ ^ s 

the shared characteristic and the data o bject characteristic corresponds to the 
sAarec] , k ie A s 

^ ; ^ , vi s i m ^ 1 " 

; "M 1 i i ' m - K v \ 

on programmatic com pariso n, of the user chara cteriAiC, the d ata ■object. 

i y ' ' v s. 's .• ; 5 ( i 

does not correspond tot) te -J; gx 0 ■ aa -Acb cos the data om ci cha racteristic 

! -f v i A - % 1 

A i V< Ml -n 1 l V J L! J 

xeeuLbiv. m vi . v , 5 -> tte 

v. \ 1 _ ! } v .K v. 1 v i <. d a v. t 

in the date ec i< i< v<. edetermina is has the generates 

access centre i m 1 o i 

12. (Original.) The computer system of claim 1 1 wherein the second 
executable softw; en » he i 2 same executable scd varemodi c is the ] 5 
^ ^ ue module. 

13. (Currently Amended) The computer system of claim 10 wherein the 

v (v. tae e i e 0 . „ j > < < , - >. 1 k a . ! cJtnii 

storage such that the generated access control r ule information may be accessed to 
determine whether the user is permitted to access the data object whe n the user requests 
^ c--\ e < 1 Nw. s v e 1 e \ v Ti 1 
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1 4. (Origin d) The t on pute; system of claim 10 wherein the executable 
,o n if \ c i v i i i v •> i u \ ? nhi, 

and at leasieoe trt>> n the access conooj sntormahon \> kr; bouse- eharach-ristic 
■rresp r flie shared c iractcristk 



15. hlgirsai) The compi tern o ! - v i.e exc 

\ ' i Ji , r vi ,. S ,. \ ra-ca^olfi 

i : , .I'atka-h i . w es „ \< ri t ^ e,a <^ e< t 

characteristic corresponds to the shared characteristic. 

I i s. ^ i ! .1 " K <. i to lit 
soUv. 10J1 s t - v k> < .ii or pi n . to the data 

object based on tht so i the rmatk ic share eristic and the 

assc cintk k c > c i e shared chat < 

1 7, (Original) The computer system of claim 10 wherein: 
the data repository includes: 

ser group irdbrmatk ha >o hes a user group wi 
one entry in the user information, and 

ccess control rule i 1 a s v. s hat a uses 

\ J v \ 1 1 1 1 ) J I ! 

object, and 

c\k . t ^l» <j w< „ c\ e^a^e* uCv r n« h dc baser 
^(i v, v c i ) v. i i v i v > ^ 

whwtle, H e ase as^oesaitv* c i < i i -C ei'< t ^c o i tux 

o perforn ) c ac o on pi .1 dati bjeci 
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IB (Currently Amended) h edium * 

having embodied thereon a computer program configured to generate access control 

v.i3^^->v 5 r * ^ j i cteristk 

i \, i 1 <\ 1 v n i s v SsOCi itCO 

with the identified characteristic; 

< ^ ' Kill \ ] U .O^i i \d O i I Ut i 

iSS sei ited ith tl e ;.i uficd t tete istic; i 

one entry in the user information to access die ai least one entry In the data object 
information. 



v , - i 1 e v< ^. > x t n n\ uiftui 

or i c v 1 gured e ccess centre > i uise out 

or more cod-.- >eg"\ us configured to; 

gen - it sses axess control inforn - on >al dcnlifsei an a east one entry u the 
sci 1 th t is associated xn 1 +i e idei tile teristk 

t - te i e. e> k., l i i »< t j i h u <. is c c r\ 
tin! ul, ton k > , un v !a J l v s x 

s at 1 ! ii v. ^ ■) i 3 nx 

entry in -he data object access control information. 

2( C v Kn ded) e i or signa t l! \x x e 1 1' c > s 

> O v t l K a > i <_ d it ~i K )K "* U K ISI 

scces ms at a object i » s s.ss > a^ v ! " east e p ! i 

>avl cc^i cfi! x no c i an ' , ..rn a , ^ sc ossoe 1 o 

i £ cent e user access control info t e i 

oOvW.ok" a cess co no u muiiia 



Serial No. 

Filed 

Pag, 



10/642,500 
August 18 2'*!!? 
S of 1 3 



21 {C ermmly Amended) The . , J . ^ oms-^nrd of chirr. 1 S whtmm the one 
or more code segments are farther configured to: 

V I V < ! O ! ) l 

-vi emit c i n ^ i em i. 1 v m n fin use 

Information that corresponds to trie received filter condition such that access control 

1 1 ! r X ! ! <_ n v v s ! 1 ^ ill ! O i 

22. (Currently Amended) The medium or signal of claim 18 wherein die one or 
mm rode -.egomm-- r _ e so , to 

receive a filter condition, and 

generate access control information further comprises generating access control 
* n t by eliminating at least one entry m the data object information that 
corresponds to the received filter condition such thai access control information does not 
nchn ice! e e&s e in the t object ittfc i 

23, (New) The method of claim 1 wherein programntancfoh identifying at Least 
v i > s s8 \ tified characteristu 

1 i 1 t a ! \ u t \ 1 i V s 

t s<. elated nil 1 ^ t hs d l v. 1 1 ^ - id v t , -o v n I OHVSt MP 

that ps ts i si Oin v vt ;dr the at k v -uc entry i ^ ■ b„i iformanot 

to access the a? leas' one t s m me da;,-. oh, eel i > c occurs 1 uh 
without human Intervention. 

? - i I\ 'odd.icicr I w.emm 

i <3 ■ <c< u i i a v. mm sei " onnahon \t s 
sva aud m i he met u!vn\ h < > c 

xrogranimatici fyu rst ry in user i rat sat is 

associated with the identified characteristic, and 

programmatscaliy identifying a second entry in user information that is 
-ml d\ I V ijl" ■ ?! 1 tl a - < L tc fn» <. r r n a\ -» , et with a 



Erst user and the second entry being associated with i second use* that is different 
than the first oser, 

s caliy idemii \ i ? t object infoi o 

j v data obj ! > s s ! w 1 dei i ec 

characteristic, and 

ing access, control. inf< i s c i s 

\a it 1 k - < . ' t ^ 1 n eces ic c s >ne c r% n 

at >j inf ttion < ses gc ittng access <. nformatio t enables 

the first use: to access ! he first d na o >je< t and t \q second uses to ac< ess tec i rsi data 
object. 

25, (New) The .method of claim 24 farther comprising: 

rated access control inft s 

1 V\u k ! !ddc' i n2 1 > \ka 1 i i ^ «. i n^e s 

centre; information in electronic storage comprises: 

s v ;ss cc 1 i ' <r,d ml . at 5 K udes rst »iv 

identifier that identifies the first user and a first data object identifier thai identifies the 
first data object, and 

storing a second access control information data record that includes a second 
user identifier that identifies the second user and a second data object identifier that 
identifies the first data object. 



